AIX IBM SDK Java JSSE vulnerability

IBM SECURITY ADVISORY First Issued: Mon Apr 13 12:11:24 CDT 2015 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/javajsse_advisory.asc https://aix.software.ibm.com/aix/efixes/security/javajsse_advisory.asc ftp://aix.software.ibm.com/aix/efixes/security/javajsse_advisory.asc =============================================================================== VULNERABILITY SUMMARY VULNERABILITY: Vulnerability in IBM SDK Java JSSE affects AIX PLATFORMS: AIX 5.3, 6.1 and 7.1. VIOS 2.2.x SOLUTION: Apply the fix as described below. THREAT: A remote attacker…

Read More

Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Power Hardware Management Console (CVE-2015-0138)

Security Bulletin Summary The “FREAK: Factoring Attack on RSA-EXPORT keys” TLS/SSL client and server vulnerability affects IBM WebSphere Application Server Liberty Profile Version 8.5 that is used by Power Hardware Management Console. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain…

Read More

Security Bulletin: Vulnerabilities in GSKit fixed in IBM Security/Tivoli Directory Server for AIX/VIOS (CVE-2015-0138, CVE-2015-0159)

Security Bulletin Summary GSKit is an IBM component that is used by IBM Security/Tivoli Directory Server. The GSKit that is shipped with IBM Security/Tivoli Directory Server contains multiple security vulnerabilities including the “FREAK: Factoring Attack on RSA-EXPORT keys” TLS/SSL client and server vulnerability, IBM Security/Tivoli Directory Server has addressed the applicable CVE. Vulnerability Details CVEID:…

Read More